The mission of the Auth0 Compliance team is to provide evidence that builds customer trust in Auth0’s management of security and privacy, by obtaining relevant industry certifications and making audit information available to assist customers in satisfying their compliance requirements.
- Ensure compliance with industry regulations and work with independent, external auditors to demonstrate that compliance and achieve certification.
- Stay abreast of industry requirements for certifications relevant to Auth0’s business.
- Maintain in-depth knowledge of certifications and controls such as SOC-2, HIPAA, PCI-DSS, ISO 27001, GDPR, FedRAMP.
- Develop control definitions and pass criteria for compliance.
- Interview internal resources and review process documentation to assess compliance with established controls and identify gaps.
- Work with other teams to identify solutions for compliance gaps.
- Track compliance gaps and ensure work to remediate gaps meets deadlines.
- Conduct periodic reviews of policies, procedures and operations for compliance.
- Conduct periodic reviews of vendors’ certifications and compliance.
- Organize and present audit documents for review with external auditors.
- Conduct internal audits to identify risks and manage risk-tracking efforts.
- Create and deliver training to employees on compliance topics.
- Define and monitor metrics on compliance progress.
- Drive innovation to improve compliance effectiveness and efficiency.
- Prepare customer-facing collateral on compliance efforts.
- Meet with customers to resolve concerns related to privacy, security and compliance.
- Respond to customer inquiries on compliance-related matters.
- Minimum 3 years' work experience in compliance within the software industry.
- Knowledge of industry cloud technologies.
- Experience with certifications and standards such as SOC-2, HIPAA, PCI-DSS, ISO 27001, and GDPR.
- Experience with information security principles/practices.
- Experience with privacy principles/practices.
- Some experience with software development practices.
- Excellent written and verbal communication skills (English).
- Passionate about security, privacy and compliance.
- Self-motivated, quick learner, fast researcher.
- Experienced and comfortable working in a remote environment.
- Bachelor’s degree in a related field.
- Public accounting/Big 4 consulting experience.
- Technical information security experience.
- BA/BS in Computer Science, Engineering.